
Has your Gmail been hacked? Here’s how to tell and how to recover your account

Ray Fernandez

Jul 17, 2023 | 8 min read

Google has built some strong security features into Gmail, like two-factor authentication (2FA) and encryption, making it difficult for cybercriminals to pull off a Gmail password hack.

However, not all users activate 2FA, and even those who do can be at risk. Cybercriminals continue to target Gmail because of the valuable and sensitive data it can store. The question is, are you at risk?

Can someone hack your Gmail and your Google account?

The short answer is, yes. Gmail can be hacked. If someone has hacked your Gmail account, they can access not only your Google account but also the websites and services you use. This means a hacked Gmail account is more serious than simply losing an email address and the emails within it. It is a threat that can spread beyond Gmail.

Cybercriminals can use a hacked Gmail account to scam your contacts and gain access to your Google account, as well as other services. 

Once a cybercriminal hacks your Gmail password and Google account, they can:  

  • Change passwords 
  • Change verification and notifications
  • Send email and spam
  • Steal your data
  • Breach your bank or digital wallets 
  • Sell your entire account or personal information on the dark web
  • Extort you
  • Shut down the account 
  • Remotely delete devices linked to a Google account
  • Steal passwords to other websites
  • Hack your social media like Snapchat, Facebook, or TikTok

How to tell if your Gmail has been hacked

Google explains that someone else might be using your Gmail without permission if you notice unfamiliar activity in any of your Google products. A quick way of knowing if another device is using your Gmail account is to check My Account > Security > Your Devices. This section can show you details about all the devices that have logged into your account in the past 28 days. 

Screenshot: How to check your Google Account Devices

Beyond the device list, there are several other signs that clearly indicate your account has been hacked.

1. Your password has been changed

If you try to log in to your account only to discover that your password is not working, it either means you forgot it, or someone has hacked your account. Most hackers seek to lock you out of your account and will change the password. But some criminals prefer that their victims not know their accounts have been hacked, so they will leave the password unchanged. 

If your password is changed, take immediate action and start the Gmail recovery process, as explained below. 

2. Your Inbox and Sent folder look off

If the first thing you notice when you access your inbox is that something is off, you should trust your instincts and seek to identify what’s wrong. 

Hackers will often open unread emails, send spam from hacked accounts, and email friends and contacts to further continue scamming and hacking. You might also notice emails from Gmail or other sites notifying you about security and password changes. This is a clear indication of a manipulated account.

3. Your Settings have been changed

Hackers may change the settings of your Gmail or Google account. Once they gain access, they can forward your emails to another account and change the security questions, 2FA settings, and recovery emails.

In other words, it’s not enough to simply check your password after noticing suspicious activity. Hackers may add their own phone numbers and recovery emails so they can easily regain access if you recover the account. 

Screenshot: Check for suspicious Gmail Setting changes
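The settings check described above can also be scripted. The following is an added example, not part of the original article: it audits a snapshot of mail settings for forwarding that points at addresses you do not own, and, going slightly beyond the text, for filters that hide mail such as security alerts. The field names follow the JSON shape of the Gmail API's settings resources; the `TRUSTED` set, the `audit_settings` helper and every sample value are assumptions constructed for illustration.

```python
# Added example: audit a Gmail settings snapshot for attacker-added forwarding.
# Field names follow the Gmail API settings resources (autoForwarding,
# forwardingAddresses, filters); all sample values below are constructed.

TRUSTED = {"me@example.com", "me.backup@example.org"}  # assumption: addresses you own

SNAPSHOT = {  # constructed sample, not real account data
    "autoForwarding": {"enabled": True, "emailAddress": "collector@example.net",
                       "disposition": "leaveInInbox"},
    "forwardingAddresses": [
        {"forwardingEmail": "me.backup@example.org", "verificationStatus": "accepted"},
        {"forwardingEmail": "collector@example.net", "verificationStatus": "accepted"},
    ],
    "filters": [
        {"id": "f1", "criteria": {"from": "newsletter@example.com"},
         "action": {"addLabelIds": ["Label_1"]}},
        {"id": "f2", "criteria": {"query": "password OR security"},
         "action": {"forward": "collector@example.net",
                    "removeLabelIds": ["INBOX", "UNREAD"]}},
    ],
}


def audit_settings(snapshot, trusted):
    """Return a list of (severity, message) findings for untrusted forwarding."""
    trusted = {a.lower() for a in trusted}
    findings = []

    auto = snapshot.get("autoForwarding", {})
    target = auto.get("emailAddress", "").lower()
    if auto.get("enabled") and target not in trusted:
        findings.append(("high", f"auto-forwarding all mail to {target}"))

    for addr in snapshot.get("forwardingAddresses", []):
        email = addr.get("forwardingEmail", "").lower()
        if email not in trusted:
            findings.append(("medium", f"unknown forwarding address registered: {email}"))

    for flt in snapshot.get("filters", []):
        action = flt.get("action", {})
        fwd = action.get("forward", "").lower()
        removed = set(action.get("removeLabelIds", []))
        if fwd and fwd not in trusted:
            findings.append(("high", f"filter {flt['id']} forwards matching mail to {fwd}"))
        # A filter that skips the inbox or marks mail read can hide security alerts.
        if removed & {"INBOX", "UNREAD"}:
            findings.append(("medium", f"filter {flt['id']} hides mail (removes {sorted(removed)})"))
    return findings
```

Calling `audit_settings(SNAPSHOT, TRUSTED)` on the constructed snapshot reports the auto-forwarding rule, the unknown forwarding address, and both problems with filter `f2`.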

4. You are getting strange security notifications

Often Gmail accounts are linked to cellphones or other emails. If you are getting unusual notifications about login attempts or changes in security settings, it is a red flag that someone is trying to hack your email — or has already hacked it. 

Additionally, if your friends, family, or contacts tell you that they have received strange messages or notifications, or are receiving emails from you that you didn’t send, take immediate action to secure your Gmail account.

5. Your other services have been hacked

One of the main reasons cybercriminals hack into a Gmail account is to use it to set new passwords on other sites and gain access to them, including bank accounts, e-wallets, crypto sites, or work systems. They might also be hacking your Gmail to get to Google documents like online spreadsheets, or to use other Google products linked to your account. 

Always be vigilant about any emails from Gmail or other accounts related to password changes you did not request or other security notifications. Additionally, remember that if one of your services has been hacked, there is a chance the hacker first hacked your Gmail to access the site. 

How to recover your hacked Gmail account in 2023

To recover a hacked Gmail account, you must act fast. Speed is of the essence because the more time you give a hacker, the more control they will have over your account and the less likely you will be able to recover it. 

There are three steps to recovering a hacked Gmail: 

  1. Reset your password immediately 
  2. Complete a security checkup
  3. Follow the security tips

Can I contact Google about a hacked account?

According to Atlas VPN, almost 6 million accounts, like Gmail accounts, were hacked in 2021, based on multiple publicly available sources. In response to the growing trend of breaches, Google security experts are available to assist users who have been hacked.

It is possible to contact Google security experts about your hacked account through various channels. However, as mentioned above, it is essential to first attempt a password reset and an account recovery. If the official Gmail steps to recover your account fail, you can always contact Gmail Community experts. 

To contact Gmail Community Experts: 

  1. Go to Google Account Help and search for questions already answered by the Community. 
  2. If your question isn’t answered there, scroll to the bottom of the page and click “Need more help? / Ask the Help Community.” 
  3. A new page will load where you can ask your question and contact an expert.

Those who use Google accounts through work or school and are Google Workspace administrators can contact Google directly for support. 

To contact support for Google Workspace:   

  1. Sign in to your Google Admin console using an administrator account email. 
  2. At the top right of the Admin console, click “Get help.”
  3. In the Help window, click “Contact support.”

How to recover your hacked Gmail

The first step to recovering your Gmail account, if you believe it has been hacked, is to change your password. 

To change your Gmail password: 

  1. Sign in to your Gmail account. 
  2. Click the profile icon and click “Manage your Google Account.”
  3. On the top left menu, click “Security.” 
  4. Scroll down to “Signing in to Google,” then click “Password.” You will have to enter your password again.
  5. Click “Next,” and a new window will load where you can set a new password. 

Changing the password will lock out anyone who has hacked your Gmail. To ensure that your account is secure, check that 2FA is active, and also check your recovery phone and email. You can find 2-Step Verification in the Security Menu below Password. The recovery phone number and email address are found on the same page in the “Ways that we can verify it’s you” section. If they’re incorrect, follow the instructions to change them. 

How to recover a hacked Google account without a password

Things get a bit more complicated if you are late to the show and the hacker has already changed the password. However, just because your password has been changed, it doesn’t mean you will lose access or control of your Gmail account. 

Remember — the sooner, the better. Wait too long, and hackers will change all methods you have to verify the account is yours and lock you out.   

To start the account recovery process, go to the recovery page.

How to recover your Gmail account: Screenshot

Keep the following tips in mind for a successful recovery process:

  • Answer the questions as best you can.
  • Don’t skip any questions. Even when not sure, take your best guess. 
  • Complete the recovery on a device linked to your account that Google will recognize. 
  • Do it in a location that Google will recognize and associate with the account (for example, your home or work). 
  • Be exact with passwords and security question answers. A typo can mean the difference between gaining access or not. 
  • When asked to enter an email address, use one already linked to your account that you can access.

Once you regain access to your account, you should change your password and check your 2FA and your security settings.

How to delete your hacked Gmail account

The only way to delete a Gmail account is to have access to the account. So if a hacker has shut you out, you will have to go through the recovery process to prove to Google that the account belongs to you. Once you do that, you can delete the account. 

Deleting your Gmail account will not delete your Google account, nor will this delete other Google products. However, it is an option for those who want to delete a compromised email address. Remember, your emails and mail settings will be lost, and the email address will no longer be available to use. 

To delete your Gmail account:

  1. Before deleting your Gmail service, download your data.
  2. Go to your Google Account. On the left menu, click “Data and privacy.”
  3. Scroll down to “Data from apps and services you use.”
  4. Under “Download or delete your data,” click “Delete a Google service.” You may need to sign in.
  5. Find Gmail and click the Delete icon.
  6. Enter an existing email address to sign in and click “Send verification email.” (This email can’t be sent to a Gmail address.)
  7. Until you verify the new email address, Google won’t delete your Gmail address.

Additionally, you have the option to delete your entire Google account, including Gmail. If you choose to do so, download your data first (see the steps above). It is also recommended that if you use your Gmail account to recover passwords or as a login credential for other services like your bank, work, or school sites, change the email on those first.

To delete your Google account:

  1. Go to the “Data and privacy” section of your Google Account.
  2. Scroll to “Your data and privacy options.”
  3. Select “More options” and then “Delete your Google Account.”
  4. Follow the instructions to delete your account.

Google goes to great lengths to keep Gmail accounts safe and secure. However, no account is unbreachable. Fortunately, there are many ways to know if your account has been hacked and several processes to recover it safely.

Ray Fernandez
Ray has been covering tech and cybersecurity for over 15 years. His work has appeared on TechRepublic, VentureBeat, Forbes, Entrepreneur, and the Microsoft Blog, among others.